// GET: api/AccessCaApi/GetAll
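        /// <summary>
        /// Exchanges the caller's token for an on-behalf-of (OBO) access token and uses it to call
        /// the downstream Web API's <c>/api/CallGraph</c> endpoint.
        /// </summary>
        /// <returns>
        /// The list of strings deserialized from the downstream response body; an empty list when the
        /// body deserializes to null.
        /// </returns>
        /// <exception cref="HttpResponseException">
        /// 401 when the scope claim is missing or does not contain 'access_as_user'; 403 when the OBO
        /// exchange raises <see cref="MsalUiRequiredException"/>.
        /// </exception>
        /// <exception cref="HttpRequestException">The downstream call did not return 200 OK.</exception>
        public async Task <List <string> > GetAll()
        {
            var scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope");

            // NOTE(review): ContainsAny is defined outside this block. The scope claim is a
            // space-separated list, so if ContainsAny does substring matching, a longer scope name
            // that merely contains "access_as_user" would also pass this check - confirm it compares
            // whole scope values.
            if (scopeClaim == null || (!scopeClaim.Value.ContainsAny("access_as_user")))
            {
                throw new HttpResponseException(new HttpResponseMessage {
                    StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'access_as_user' or scope claim not found"
                });
            }

            _tokenAcquisition = new TokenAcquisition(new AuthenticationConfig());

            // A single OBO attempt is made. The previous do/while never set its retry flag or
            // incremented its counter, so it also ran exactly once; the dead scaffolding is removed
            // so the code no longer claims a retry that does not happen.
            AuthenticationResult result;
            try
            {
                result = await _tokenAcquisition.GetUserTokenOnBehalfOfAsync(caResourceIdScope);
            }
            catch (MsalUiRequiredException ex)
            {
                // The OBO exchange needs user interaction: hand the helper the exception and the
                // current response (the helper's name indicates it writes a WWW-Authenticate
                // challenge), then end the request with 403.
                await _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync((caResourceIdScope),
                                                                                     ex, HttpContext.Current.Response);

                throw new HttpResponseException(new HttpResponseMessage {
                    StatusCode = HttpStatusCode.Forbidden
                });
            }

            // Attach the bearer token to this request only. Writing it into
            // _httpClient.DefaultRequestHeaders would mutate state on the client itself; if that
            // client is shared between requests (its declaration is not visible here), one user's
            // OBO token could be sent with another user's concurrent downstream call.
            using (var request = new HttpRequestMessage(HttpMethod.Get, _TodoListDownstreamBaseAddress + "/api/CallGraph"))
            {
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

                using (HttpResponseMessage response = await _httpClient.SendAsync(request))
                {
                    if (response != null && response.StatusCode == HttpStatusCode.OK)
                    {
                        // Await the body instead of blocking on .Result, which ties up a thread and
                        // can deadlock under a synchronization context.
                        string content = await response.Content.ReadAsStringAsync();

                        // A JSON "null" body deserializes to null; return an empty list instead.
                        return(JsonConvert.DeserializeObject <List <string> >(content) ?? new List <string>());
                    }

                    // Null-conditional access keeps the failure path from raising a
                    // NullReferenceException when there is no response object.
                    throw new HttpRequestException($"Invalid status code in the HttpResponseMessage: {response?.StatusCode}.");
                }
            }
        }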
        // GET: api/ConditionalAccess
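        /// <summary>
        /// Verifies that the caller holds the 'access_as_user' scope and that an on-behalf-of (OBO)
        /// token can be acquired for the Conditional-Access protected resource.
        /// </summary>
        /// <returns>A fixed confirmation string once the OBO token has been acquired.</returns>
        /// <exception cref="HttpResponseException">
        /// 401 when the scope claim is missing or does not contain 'access_as_user'; 403 when the OBO
        /// exchange raises <see cref="MsalUiRequiredException"/>.
        /// </exception>
        public async Task <string> Get()
        {
            var scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope");

            // NOTE(review): ContainsAny is defined outside this block. The scope claim is a
            // space-separated list, so if ContainsAny does substring matching, a longer scope name
            // that merely contains "access_as_user" would also pass this check - confirm it compares
            // whole scope values.
            if (scopeClaim == null || (!scopeClaim.Value.ContainsAny("access_as_user")))
            {
                throw new HttpResponseException(new HttpResponseMessage {
                    StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'access_as_user' or scope claim not found"
                });
            }

            _tokenAcquisition = new TokenAcquisition(new AuthenticationConfig());

            // A single OBO attempt is made. The previous do/while never set its retry flag or
            // incremented its counter, and its body always returned or threw, so the loop and the
            // unused 'result' local were dead code and are removed.
            try
            {
                // The returned AuthenticationResult is not needed here; success alone shows that the
                // Conditional-Access policy was satisfied.
                //
                // To call the downstream Web API on behalf of the user, capture the result of this
                // call and send its AccessToken as a "Bearer" Authorization header on an individual
                // HttpRequestMessage rather than on a client's DefaultRequestHeaders, so the token
                // stays scoped to this request.
                await _tokenAcquisition.GetUserTokenOnBehalfOfAsync(caResourceIdScope);

                return("protected API successfully called");
            }
            catch (MsalUiRequiredException ex)
            {
                // The OBO exchange needs user interaction: hand the helper the exception and the
                // current response (the helper's name indicates it writes a WWW-Authenticate
                // challenge), then end the request with 403.
                await _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync((caResourceIdScope),
                                                                                     ex, HttpContext.Current.Response);

                throw new HttpResponseException(new HttpResponseMessage {
                    StatusCode = HttpStatusCode.Forbidden
                });
            }
        }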